User Access Security - Recommended Practices
Insight is a store of potentially very sensitive and personally identifiable information (PII), so user access security is paramount. This guide explains our recommended practices for user access security.
Make sure individuals have their own access
It's important that individuals accessing any Insight account, even temporarily, have their own credentials (username and password). People sharing login information puts the protection of your data at risk. There are several benefits to proper, individual access:
- You can easily remove an individual from your account when they no longer need access (for example, when a teacher moves to another school).
- A proper audit trail can be maintained, which helps everyone meet their data protection obligations, and makes it easier for us to put mistakes right (eg if a user accidentally deletes some data, it's easier for us to track down what happened and hopefully restore it). You can also check when users have last logged in.
- If someone requests help while using Insight, we'll know who to get in touch with and can more easily offer technical support (like checking user cookies, browsers, error logs, etc).
Keep an eye on access levels
All users should have the minimum access level required for them to meet their needs. It's a good idea to regularly review who has access to your school or trust.